\section{Virtualization}
\label{cha:virtualization}

\subsection{What is Virtualization}
\emph{Virtualization} has been used for better pooling and sharing of resources on Servers. Yet there are many other applications which greatly benefit from the properties of Virtualization.


\emph{Virtual Machine Monitor(VMM)} also known as the Hypervisor is a thin layer of software that runs directly on the hardware of a machine. The Hypervisor enables multiple Virtual Machines to run at the same time.
The VMM exposes an abstraction which models the underlying hardware which it is running on. The modeled abstraction is such that software which would run on the underlying hardware would also run on the VMM.

\subsection{Virtualization Architectures}
Hypervisors are classified into two Types\cite{Wiki:hypervisor}. The architecture diagrams of the two types are shown in figure \ref{fig:hypervisorTypes}.

\begin{itemize}
\item Type 1 hypervisor (or Type 1 virtual machine monitor)
    \begin{itemize}    
    \item    Software that runs directly on a given hardware platform. A ``guest" operating system runs at the second level above the hardware.
    \end{itemize}
\item Type 2 hypervisor (or Type 2 virtual machine monitor)
    \begin{itemize}
    \item Software that runs within an operating system environment. A ``guest" operating system runs at the third level above the hardware. Any Security vulnerabilities that lead to a compromise in the Host OS can lead to a full compromise of the entire System.

    \end{itemize}
\end{itemize}

Type 1 hypervisors have the features which enable the development of better Secure System, hence Type 1 hypervisors will be considered in this Survey.

\begin{figure}
\caption{Hypervisor Types  \label{fig:hypervisorTypes}}
\begin{center}
\ifpdf
    \includegraphics[width=5in]{images/HypervisorArchi.jpg}
\else
    \includegraphics[width=5in]{images/HypervisorArchi.eps}
\fi
\end{center}
\textsl{Architecture Types of Hypervisors}
\end{figure}


\subsection{Functionality of Virtualization}

A \emph{Virtual Machine (VM)} is a logical process (a Operating System) that interfaces with the above mentioned emulated hardware and is managed by a underlying control program.

Hypervisor can fully isolate the software running on VMs from the other VMs as well as from the Hypervisor itself. This is one of the main properties of Virtualization which enable the implementation of Secure Systems.


The Hypervisor provides each Virtual Machine with logical resources multiplexed by a single physical resource.

\begin{description}
\item[CPU Virtualization]
Hypervisor is the only process that would run in the most privileged mode of the processor. The Virtual Machines run in less privileged modes. Traps and interrupts that occur when the Virtual Machine runs transfers the control to the Hypervisor. When the VM accesses a privileged operation the hypervisor emulates the operation for the VM. This feature allows the Hypervisor to control the Virtual Machine whatever the software on the VM does.

\item[Memory Virtualization]
Each VM is mapped to a potion of the physical memory in such a way that none of the VMs or the Hypervisor shares the same physical memory area.
The Hypervisor controls the real MMU while each Virtual Machine will have a virtual MMU that reflects the VM's view of its address space.

\item[Input / Output Virtualization ]
Each I/O request of the VMs are send to the virtual Devices, and then they are correctly mapped to the correct physical I/O device by the hypervisor.
\end{description}


\subsection{Architectural Approaches of Virtualization}
\subsubsection{Full virtualization}
Hypervisor simulates full set of instructions of the underlying hardware. Full-Virtualization enables unmodified OSs to run virtualized on the hypervisor.
There is a performance penalty due to software emulation
\subsubsection{ParaVirtualization}
A Hypervisor that provides a software interface that is similar, but not identical to the underlying hardware. In order to run on top of the Hypervisor the OSs must be modified.
Improves performance over full virtualization but limited to OSs specifically modified for paravirtualization.
\subsubsection{OS Virtualization}
Virtualizes a server at the OS level, presenting multiple instances of the host OS to applications.
\subsubsection{Application Virtualization}
Wraps the Application in a fully self-contained image that doesn't conflict with other applications or the host OS.



%\subsection{Properties of Hypervisors which provides Assurance for Secure Services ( Intrusion Detection Systems) }

%\subsubsection{Secure Base}
%Virtual Machines can provide a Base for Trusted Applications \cite{garfinkel03terra}. These provide an architecture where implementation of secure Systems is possible. This is due to the consideration that hypervisors are difficult to compromise.
%Hypervisor is a simpler and smaller mechanism when compared with an Operating System, and can be implemented considerably correctly with fewer bugs.
%Interface of a Hypervisor is simpler, more constrained and well specified. Protection model is simpler, has to only provide isolation and resource allocation. Therefore the base which is the Hypervisor is hard to be compromised and provides the secure base needed for the applications.

%In addition to the secure base provided by hypervisors there are many other benefits that Virtualization architecture provides to be secure.

%\subsubsection{Isolation}
%They Hypervisor provide strong isolation, so that one VM cannot access or modify other VMs. This ensures a compromised VM cannot compromise any other VM or the Hypervisor.
%\subsubsection{Inspection}
%Virtualization can provide inspection into the VM's activities. Since VMs run on the Hypervisor the entire state of each VM is accessible to the Hypervisor. This makes it impossible to evade a VM based IDS.

%\subsubsection{Interposition}
%All VMs execute privileged instructions through the hypervisor, hence it is possible to detect the instructions and that are being fired by any VM and appropriate action be taken for any System call that is made.
%This allows the IDS to capture any System call made to do malicious activities.




 
\subsection{Xen}

Xen is an Open Source virtualization software based on para-virtualization technology. Para-virtualization requires the modification of the host OS, yet provides near native performance.

There are many benefits in choosing Xen for the study, para-virtualization that it offers better performance and there is a Open Source version of this commercially available virtualization technology.

\begin{figure}
\caption{Xen Architecture  \label{fig:xen}}
\begin{center}
\ifpdf
    \includegraphics[width=4in]{images/xen.png}
\fi
\end{center}
\textsl{Xen Architecture. (extracted from 'An Introduction to Virtualization' \cite{introXen})}
\end{figure}

Figure \ref{fig:xen} shows the Architecture of Xen 3.0, with 4 VMs. The architecture includes the Xen VMM, providing the abstraction of the underlying physical hardware layer.
Domain0 has the access to the ``Control Interface" of VMM thought which the VMs are created, destroyed and managed. It is possible to create VMs with special privileges that can directly access the hardware through ``Secure Interface". There are also VMs that access the physical resources provided by Domain 0's Control and management interface.

Xen enables the para-virtualization of Physical Resources such as CPU, memory, and I/O components.
\begin{description}

\item[CPU operations]
Xen is for the x86 CPU virtualization and uses the four privilege levels provided by x86. The VMM executes at ring 0, the guest OS at ring 1 and the applications at ring 3, when an application executes in a higher privileged mode, the instructions are verified and executed by the VMM.

\item[Memory operations]
The Host VMs are modified to be able to access memory in a non-contiguous manner, unlike an un-virtualized OS needing contiguous memory. Guest OSs allocate and manage page tables, but direct writes are intercepted and validated by Xen VMM.

\item[I/O operations]
Xen exposes a set of clean and simple device abstractions.


\end{description}


Xen also supports Full-Virtualization with the use of Intel Virtualization Technology(VT), enabling un-modified Guests to be run on Xen (Windows XP, which cannot be modified).




